On 10/4/06, Jason Lingel <[EMAIL PROTECTED]> wrote:
Thanks for your help.  It pointed me in the right direction, though it still
doesn't quite work.  Here are the entries I made in my httpd.conf:

RewriteLog /opt/asn/logs/rewrite.log
RewriteLogLevel 5
RewriteCond %{LA-U:REMOTE_USER} ^(.*)@ COMPANY.COM$
RewriteRule /.* - [E=REMOTE_USER:%1]


My intent is to modify the REMOTE_USER variable to drop the Kerberos Realm
name.  This seems to work correctly from the apache log entry:

 10.1.12.70 - - [04/Oct/2006:13:48:45 --0700]
[server1.company.com/sid#81ec8][rid#16c660/initial] (5)
lookahead: path=/oasis/preproduction/htdocs/gifs/oasis-
home.gif var=REMOTE_USER -> [EMAIL PROTECTED]
10.1.12.70 - - [04/Oct/2006:13:48:45 --0700] [
server1.company.com/sid#81ec8][rid#16c660/initial] (4)
RewriteCond: input='[EMAIL PROTECTED]' pattern='^(.*)@COMPANY.COM$' =>
matched
10.1.12.70 - - [04/Oct/2006:13:48:45 --0700]
[server1.company.com/sid#81ec8][rid#16c660/initial] (5)
setting env variable 'REMOTE_USER' to 'gdwfkd'

but the variable that gets passed to the CGI script still has the realm name
append to it.

The standard environment variables are set by apache immediately
before calling the CGI script and they can't be overridden.  If you
really need this, the only alternatives I know are:

1. Modify the module that is doing the authentication to set the
internal REMOTE_USER (actually, the apache internal variable that
later will be used to set the env variable REMOTE_USER) to the value
you want.

2. Instead of directly calling your cgi script, call another script
that simply resets the environment and then calls the main script.
This will cost you an extra process invocation for every request, of
course.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to